Privacy policy

Privacy Policy on the Processing of Personal Data

Effective as of 09/02/2026

INTRODUCTION

This Privacy Policy is drafted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and with the Italian Privacy Code (Legislative Decree No. 196 of 30 June 2003).
This document has also been prepared in accordance with the guidelines issued by the Italian Data Protection Authority, in particular the Guidelines on combating spam dated 4 July 2013.

Data Controller

Trianon Borgo Pio
Piazza delle Vaschette 13
VAT No.: IT05704971000
Email: info@carosellorooftop.it

The Data Controller has not appointed a Data Protection Officer (DPO).
Therefore, any request for information may be sent directly to the Data Controller using the contact details provided above.

Website

This Privacy Policy applies to the website of the Data Controller (hereinafter, the “Website”).

---

GENERAL INFORMATION

This document describes how the Data Controller processes the personal data provided by users through the Website.

Below is a description of the main processing activities, the relevant legal basis, whether the provision of data is mandatory or optional, and the consequences of any refusal to provide personal data.

Where the user enters personal data relating to third parties on the Website, the user guarantees that they have obtained the consent of the data subjects and undertakes to indemnify and hold harmless the Data Controller from any liability.

---

Responding to Requests

Personal data are processed in order to respond to information requests submitted by users.

• Provision of data: optional

• Legal basis: legitimate interest of the Data Controller

• Consequences of failure to provide data: inability to respond to requests

---

General Marketing

Subject to the user’s consent, the Data Controller may send promotional communications, advertising material and/or newsletters relating to its own products or services or those of third parties.

• Legal basis: consent

• Provision of data: optional

• Consequences of refusal: inability to receive promotional communications

• Communication channel: email address provided by the user

---

Profiling

Subject to the user’s consent, personal data may be processed for profiling purposes, in order to analyse user preferences and consumption habits and to send personalised communications.

• Legal basis: consent

• Provision of data: optional

• Consequences of refusal: no profiling and no personalised communications

---

Disclosure of Data

The Data Controller does not transfer or sell users’ personal data to third parties.

---

Geolocation

The Website uses tools to geolocate the user’s IP address.

---

Curriculum Vitae

It is not possible to submit curriculum vitae through the Website.
Therefore, personal data are not processed for this purpose.

---

Appointment Booking

No online appointment booking systems are active on the Website.
Users may contact the Data Controller using the contact details provided.

---

Photographs and Videos

The Data Controller does not request the publication of photographs or videos depicting users.

---

Web Scraping

Any use of automated processes (including scraping, crawling, or spidering) to access, acquire, or monitor the Website without written authorisation is strictly prohibited.
Any violation may result in suspension of access and legal action to protect the Data Controller’s interests.

---

Communication of Personal Data

In the course of its activities, the Data Controller may communicate personal data to:

• Public Authorities, where required by law

• Legal, tax, and administrative professionals and consultants

• Authorised employees and collaborators

• IT service providers, hosting and maintenance providers

• CRM platforms used for sending communications

• Banks and payment service providers

• Couriers and shipping companies for product delivery

This list may be updated based on operational requirements.

---

Art. 3 – Data Retention

Personal data are retained only for as long as necessary to fulfil the purposes for which they were collected, in particular:

• Contractual purposes: 10 years

• Marketing purposes: 24 months

• Profiling purposes: 12 months

• Accounting records: 10 years (Article 2220 of the Italian Civil Code)

---

Art. 4 – Transfer of Personal Data

Personal data may be transferred:

• To the United States, on the basis of the European Commission’s adequacy decision

• To the United Kingdom, recognised as providing an adequate level of protection as of 28 June 2021

Any transfers to non-EU countries not recognised as adequate will be specified in this section.

---

Art. 5 – Data Subject Rights

Users have the right to:

• access their personal data

• request rectification or erasure

• request restriction of processing or object to processing

• request data portability

• withdraw consent at any time

• lodge a complaint with the competent Supervisory Authority

Requests may be sent to info@carosellorooftop.it.

---

Art. 6 – Amendments

The Data Controller reserves the right to amend this Privacy Policy at any time.
Any changes will be published on the Website and, where relevant, communicated by email.